Leveraging the value of the Security Connected framework from McAfee allows for faster response, lower TCO, and business-wide visibility across systems, networks, and data, helping organizations respond to attacks more quickly and efficiently than relying solely on SOC staff to drive incident response. The SIEM-integrated partner solutions described below add a variety of workflows to the McAfee SIEM, further increasing SOC staff productivity.

Aruba Networks is a leading provider of next-generation network access solutions for the mobile enterprise. The company's Mobility-Defined Networks empower IT departments to support #GenMobile, a new generation of tech-savvy users who rely on mobile devices for every aspect of work and personal communication. Aruba delivers a secure mobility experience by automating infrastructure-wide performance optimization and security actions that previously required manual IT intervention. The results are dramatically improved security, higher productivity, and lower operating costs.

Aruba has partnered with McAfee to deliver an end-to-end enterprise risk mitigation and management solution by integrating with the McAfee SIEM solution. Aruba's ClearPass, a network security and policy management solution, is a supported data source (device) for the McAfee SIEM. ClearPass is an ultra-scalable, high-availability AAA solution with policy management, guest network access, device on-boarding, and device health checks, with a complete understanding of context. It uses a user's role, device, location, application use, and time of day to execute custom security policies, accelerate device deployments, and streamline network operations across wired, wireless, and VPN access. Both the McAfee SIEM solution and ClearPass are positioned as Leaders in Gartner Magic Quadrants, and used together they deliver enterprise-class network access control.

Confident Technologies, Inc. (CTI) provides image-based, multifactor authentication solutions that are highly secure and easy to use. The company’s unique, image-based approach generates one-time passwords and delivers an entirely out-of-band multifactor authentication solution for strong user authentication that is simple to deploy, easy to use, and cost effective. Users authenticate by simply identifying a few pictures that fit their previously chosen, secret authentication categories. Built with responsive design, CTI’s image-based authentication solutions are ideally suited for use on mobile devices, allowing users to authenticate with just a few quick taps on the touchscreen. CTI’s image-based, multifactor authentication solutions provide strong user authentication, one-time passwords, and out-of-band authentication for secure access to online accounts, web services, applications, and other environments.

CTI’s image-based authentication and verification solutions have been fully integrated with McAfee Enterprise Security Manager (ESM), McAfee’s SIEM platform. CTI’s technologies capture the IP addresses and other data of users accessing enterprise systems or online accounts and feed that data to McAfee ESM for analysis and risk management. With this integration, CTI solutions can apply progressive (step-up) authentication based on risk factors and required security level, and provide McAfee ESM with data that can be used to identify and block malicious IP addresses, brute-force attacks, and other web-borne security threats. Image-based authentication for web, mobile, and multifactor use cases can be inserted as an authentication layer anywhere in the enterprise that would benefit from the additional threat intelligence fed into McAfee ESM.

MEAS listens for events on the mainframe within each LPAR, selecting only those required by the customer. When a desired event is detected, MEAS captures the event details and converts the data to the appropriate format for McAfee Enterprise Security Manager or McAfee ePO. This allows customers to apply all of the features and functionality of McAfee Enterprise Security Manager and McAfee ePO to mainframe data: real-time dashboards, real-time notifications of critical events, out-of-the-box and custom reporting, cross-platform event correlation, and more.

General Dynamics Fidelis Cybersecurity Solutions provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today’s sophisticated advanced threats and prevent data breaches. Its commercial enterprise and government customers around the globe can face advanced threats with confidence using Network Defense and Forensics Services, delivered by an elite team of security professionals with decades of hands-on experience, and the award-winning Fidelis XPS Advanced Threat Defense products, which provide visibility and control over the entire threat life cycle.

Fidelis XPS integrates with McAfee Enterprise Security Manager to deliver actionable intelligence and real-time situational awareness at the speed and scale required for security organizations to identify, understand, and respond to advanced threats quickly and efficiently. This is accomplished through a McAfee Enterprise Security Manager export method defined in the Fidelis XPS CommandPost enterprise management solution. The export method is a predefined syslog format designed for use with McAfee Enterprise Security Manager, so the operator does not need to define message keywords; they only specify the McAfee Enterprise Security Manager destination, the event criteria for alerts and malware events, and the export frequency. The Fidelis XPS CommandPost then delivers Fidelis XPS generated alerts and recorded object data for correlation in the McAfee SIEM solution.

ForeScout is a provider of clientless network access control and policy enforcement, meaning no agent needs to be installed on endpoints such as laptops, desktops, VoIP phones, PDAs, printers, and other devices. ForeScout’s CounterACT appliance provides a range of enforcement options when policy violations are detected.

ForeScout has partnered with McAfee to deliver a unique and powerful solution for continuous monitoring and mitigation of enterprise risk. CounterACT is a network appliance (or virtual appliance) that is deployed out-of-band rather than inline, so it adds no latency to the traffic path and its failure does not interrupt network traffic. Through advanced integration modules, ForeScout CounterACT shares information with McAfee ePolicy Orchestrator (McAfee ePO) and McAfee Enterprise Security Manager (ESM), and both McAfee ePO and McAfee ESM can trigger ForeScout CounterACT to perform network actions such as quarantining a device.

Integrating GRA into McAfee Enterprise Security Manager (ESM) provides a complete view of human and machine risk by correlating advanced SIEM events with identity-centric behavioral risk analytics. For the first time, it is possible to measure, monitor, and report on risk with machine and human behavioral patterns together. The combined McAfee ESM and GRA solution creates a new class of defense-in-depth capability, using anomaly detection and risk-scoring algorithms that run on a Big Data (Hadoop) platform. The integration provides an actionable risk intelligence framework to defend against malicious events such as malware, insider threats, and other unforeseen risks. McAfee ESM and GRA create predictive models that surface patterns of emerging risk, such as a disgruntled employee or a stolen or compromised identity being used to exfiltrate intellectual property. GRA delivers visualizations and metrics directly to non-technical end users so they can act on serious risk events immediately.

McAfee Compatible solution: GuruCul GRA and McAfee ESM 9.4

HyTrust is a leader in policy management and access control delivering automated controls and visibility that allow its customers to scale their cloud infrastructure, virtualize even Tier 1 applications, achieve compliance, and enable multi-tenancy.

HyTrust CloudControl is the only product that captures highly detailed, real-time logs of every attempted, denied, and approved administrator action in the virtualized datacenter, while enforcing security policies based on those activities. HyTrust CloudControl is integrated with McAfee ePolicy Orchestrator, and McAfee Enterprise Security Manager has been adapted to parse HyTrust log data. Without this hypervisor-management audit trail, a SIEM has a blind spot: it cannot capture or analyze the actions (and attempted actions) of administrators in VMware datacenters. Not all blind spots are created equal, and the consequences here can range from audit failure, to the theft of virtualized applications and data, to entire datacenter outages.

Invincea is a premier innovator in secure virtualization of desktop applications, protecting enterprise networks from Internet-based threats, such as spear phishing. The company’s solutions offer a unique ability to protect networks against all types of threats directed at end users including zero-day threats by seamlessly moving applications that render untrusted content into controlled, secure, virtual environments that automatically detect and terminate threats in real time. Invincea seamlessly moves the browser, PDF reader, complete Office Suite, .zip and .exe file types from the native operating system into fully virtualized and secure environments, harnessing desktop resources without changing the user experience or requiring additional network bandwidth or footprint.

Invincea's integration with McAfee ePolicy Orchestrator (ePO) and McAfee Enterprise Security Manager enables joint customers to automatically import Invincea threat data generated at the desktop point-of-attack into McAfee ePO dashboards and the McAfee Enterprise Security Manager console. This information provides an extensive forensic footprint of the attempted breach, providing unparalleled visibility into the methods, targets, and frequency of attacks. This data is available in real time for administrators to gather electronic intelligence to support broader incident response, discovery, and corporate investigations.

iScan Online is a pioneering security firm that enables scanning from the cloud to any device — anytime, anywhere. Remote workers, mobile devices, branch offices, and the bring your own device (BYOD) trend create a gap in vulnerability, compliance, and security scanning. iScan Online closes this gap by providing visibility to every device no matter where it is and when it accesses a network or application. iScan Online can perform traditional vulnerability scans, compliance scans (PCI, HIPAA), and data discovery scans (PAN, PII). Delivered via the cloud and performed on the device, iScan Online can scan thousands of devices simultaneously.

Mutual customers can initiate scans by iScan Online using the McAfee ePolicy Orchestrator (McAfee ePO) console, and the results will be integrated into McAfee Enterprise Security Manager (ESM). This will provide McAfee customers more visibility into their vulnerability, compliance, and risk posture.

ERPM offers out-of-the-box integration with McAfee Enterprise Security Manager. ERPM works with McAfee Enterprise Security Manager to correlate security and event data and provide oversight of elevated privileged accounts. ERPM password check-out/check-in actions and credential changes appear in the McAfee Enterprise Security Manager console, along with successful and failed password verifications. McAfee Enterprise Security Manager tracks and correlates privileged account activity, letting users monitor and respond to issues from within the McAfee Enterprise Security Manager interface. Customers can observe the actions taken by privileged users and pass this information along to security auditors. The combined technologies give enterprises enhanced monitoring, visibility, and management of their powerful privileged accounts.
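The correlation the paragraph describes, as an added illustration written for this page rather than code from ERPM or McAfee: once check-out, check-in, and password-verification events sit in the SIEM alongside host logon events, two simple rules become possible. A privileged logon with no active check-out for that account on that host (allowing a short grace period after check-in, since the password is rotated on check-in) is unexplained use of a managed credential, and a run of failed verifications means the vault's copy of the password has drifted from the target. The event fields, rule names, and sample events are constructed assumptions, not ERPM or ESM formats.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified form; field names and values are assumptions,
# not the real ERPM or McAfee ESM event formats.
SAMPLE_EVENTS = [
    {"ts": "2014-05-01T09:00:00", "type": "checkout", "account": "DBADMIN", "host": "db01", "user": "alice"},
    {"ts": "2014-05-01T09:05:00", "type": "logon", "account": "DBADMIN", "host": "db01"},
    {"ts": "2014-05-01T09:40:00", "type": "checkin", "account": "DBADMIN", "host": "db01", "user": "alice"},
    {"ts": "2014-05-01T09:42:00", "type": "logon", "account": "DBADMIN", "host": "db01"},  # inside grace
    {"ts": "2014-05-01T23:10:00", "type": "logon", "account": "DBADMIN", "host": "db01"},  # no check-out
    {"ts": "2014-05-02T02:00:00", "type": "verify_failed", "account": "ROOT", "host": "web03"},
    {"ts": "2014-05-02T02:01:00", "type": "verify_failed", "account": "ROOT", "host": "web03"},
    {"ts": "2014-05-02T02:02:00", "type": "verify_failed", "account": "ROOT", "host": "web03"},
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def correlate_privileged_activity(events, grace=timedelta(minutes=5), verify_threshold=3):
    """Return findings from two rules over vault and host events (processed in time order):
    - logon_without_checkout: a logon with the managed account while nobody holds a
      check-out, and more than `grace` after the last check-in;
    - verification_failures: `verify_threshold` consecutive failed password verifications,
      i.e. the vaulted password no longer matches the target system."""
    findings = []
    active = defaultdict(set)      # (account, host) -> users currently holding a check-out
    last_checkin = {}              # (account, host) -> time the last holder checked in
    fail_run = defaultdict(int)    # (account, host) -> consecutive failed verifications

    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["account"], ev["host"])
        ts = _parse(ev["ts"])
        kind = ev["type"]
        if kind == "checkout":
            active[key].add(ev["user"])
        elif kind == "checkin":
            active[key].discard(ev["user"])
            if not active[key]:
                last_checkin[key] = ts
        elif kind == "logon":
            recently_released = key in last_checkin and ts - last_checkin[key] <= grace
            if not active[key] and not recently_released:
                findings.append({"rule": "logon_without_checkout", "account": ev["account"],
                                 "host": ev["host"], "ts": ev["ts"]})
        elif kind in ("verify_ok", "password_changed"):
            fail_run[key] = 0      # a good verification or rotation ends the failure run
        elif kind == "verify_failed":
            fail_run[key] += 1
            if fail_run[key] == verify_threshold:   # fire once per run, not on every failure
                findings.append({"rule": "verification_failures", "account": ev["account"],
                                 "host": ev["host"], "ts": ev["ts"], "count": fail_run[key]})
    return findings


if __name__ == "__main__":
    for f in correlate_privileged_activity(SAMPLE_EVENTS):
        print(f)
```

Both rules depend on clock alignment between the vault and the target hosts; in practice normalize timestamps to UTC at ingest before correlating, and treat `grace` as a tunable that should be no longer than the vault's rotation-on-check-in delay.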

With LOGbinder and McAfee Enterprise Security Manager, there is no need to build rules and alerts for handling the audit events because the McAfee Enterprise Security Manager developers have already prepared them, minimizing in-house work.

The Netfort LANGuardian ensures organizations always have unified visibility into what is actually happening across their network. It is the industry’s leading out-of-band software for monitoring, troubleshooting, and reporting on both network security and operational issues. The LANGuardian software can be downloaded and installed on standard server hardware, VMware, or another hypervisor. It captures traffic passively (usually from a SPAN or mirror port) and, using deep packet inspection, accurately identifies and extracts the critical detail for the most common applications, including web, SMB, SQL, and email. This network metadata includes summary details on every traffic flow plus application-specific information such as IP address, user name, file name, file size, domain name, URI, or SQL query. The metadata is stored in a built-in long-retention database for real-time or historical troubleshooting.

LANGuardian integrates with the McAfee Enterprise Security Manager environment as an additional, complementary data source of network and user activity data, which can be incorporated into dashboards, graphs, and timelines. With LANGuardian data in McAfee Enterprise Security Manager, security managers get unified visibility and a single point of access to information about the IT environment, including how it is being used, and can see network activity data in context. For example, when investigating suspicious activity they can see a user's traffic to and from an internal file share, including the files accessed.

NIKSUN is a world leader in real-time and forensics-based cyber security and network performance monitoring solutions. The cooperation between McAfee and NIKSUN is expected to create new insights into networks by making previously unknown network security flaws visible to network administrators for immediate remediation.

McAfee Network Threat Behavior Analysis, an integrated component of McAfee Network Security Platform, incorporates NIKSUN. By leveraging the integration of NIKSUN's flagship appliances NetDetector or NetDetectorLive, a rich retrospective time-lapsed view of an attack across the entire infrastructure is available when a security event occurs. You can lock onto an event of interest and directly query all data flows from the last few minutes, hours, or days — all with nanosecond precision. NIKSUN products leverage features like bounce diagrams to examine command response flows, or dynamic application recognition (DAR) to quickly identify what applications are being used across the infrastructure and how they are performing. In the case of a security breach, NIKSUN allows you to instantly determine who attacked, what was taken, when it happened, and how it was accomplished.

nPulse Technologies is the performance leader in packet capture and connection/session analysis. The flagship product, CPX, delivers cost-effective, indexed packet capture at speeds up to 20 Gbps. Leading companies in the Financial Services, Federal Government, and Telecommunications sectors rely on CPX for protection of network and security operations. Through its innovative Pivot2Pcap API, CPX significantly enhances existing monitoring and security solutions.

nPulse's partnership with McAfee Enterprise Security Manager (ESM) allows network security operations personnel to quickly pivot from security alerts in McAfee ESM to the packets and session-level decodes for the event. Allowing users to quickly locate and decode an entire session provides greater visibility into potential malicious activities and payloads, while also eliminating the time required to manually collate all of the packets within a session. Users can expand searches to view network activities before and after a security event, further enhancing visibility for incident response and forensics activities.

McAfee Compatible solution: nPulse CPX 3.X, 4.0, and McAfee ESM 9.3

Most large and medium-sized companies have a multi-platform computing environment and need a SIEM solution such as McAfee Enterprise Security Manager to integrate real-time security-related events originating across those diverse platforms. Generating real-time security events from the IBM i (AS/400) environment requires in-depth technical knowledge of its security model and of how it interfaces with syslog to send these alerts to a collector at a specific IP address.

RedSeal Networks develops security posture management software that enables organizations to assess and strengthen their cyberdefenses. Unlike systems that detect attacks once they occur, RedSeal identifies holes in the security infrastructure that could be exploited — before they are discovered by hackers. RedSeal software analyzes and simplifies the complex interaction of firewalls, routers, load balancers, and hosts, delivering an in-depth understanding of overall security posture; continuous compliance with regulations such as PCI, FISMA, and SOX; and actionable steps for risk remediation.

RedSeal Vulnerability Advisor analyzes vulnerabilities discovered by McAfee Vulnerability Manager in the context of network security controls. It identifies which vulnerabilities are exposed to untrusted networks and which could be used as pivot points to launch attacks deeper into the network. It prioritizes vulnerabilities for action based on that risk, identifies network mitigation options (such as an access rule that could be tightened), and reports on portions of the network that require additional scanning.
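The exposure analysis described above, reduced to its core and written as an added example for this page (not RedSeal's algorithm or code): model the network as zones joined by access rules, seed an attacker in the untrusted zone, and run a breadth-first search in which compromising a vulnerable host places the attacker inside that host's zone, from where further rules become usable. A vulnerability's priority is then the length of the shortest path that reaches it, and the path itself names the rules that could be tightened. The topology, rules, and vulnerability labels are constructed; the intra-zone "everything can talk to everything" assumption is the simplification a real tool would replace with the actual router and firewall configuration.

```python
from collections import deque

# Constructed sample topology; every name and rule is an assumption for illustration.
HOSTS = {"web01": "dmz", "app01": "app", "db01": "data", "hr01": "corp"}
# Access rules as (source_zone, destination_zone, tcp_port). Anything not listed is denied
# between zones; hosts inside the same zone are assumed to reach each other freely.
RULES = [("internet", "dmz", 443), ("dmz", "app", 8080), ("app", "data", 1433), ("corp", "app", 22)]
# Scanner findings as (host, listening_port, vulnerability_label).
VULNS = [("web01", 443, "V-1"), ("app01", 8080, "V-2"), ("db01", 1433, "V-3"),
         ("hr01", 445, "V-4"), ("app01", 22, "V-5")]


def exposure_paths(hosts, rules, vulns, untrusted="internet"):
    """Map each vulnerability label to the shortest attack path from `untrusted` that
    reaches it (a list of positions, starting with the zone name), or None if the
    network controls prevent an attacker standing in `untrusted` from ever reaching it."""
    allowed = set(rules)

    def can_reach(src_zone, host, port):
        dst_zone = hosts[host]
        return src_zone == dst_zone or (src_zone, dst_zone, port) in allowed

    paths = {label: None for _, _, label in vulns}
    compromised = set()
    queue = deque([(untrusted, [untrusted])])   # (zone the attacker stands in, path so far)
    while queue:
        zone, path = queue.popleft()
        for host, port, label in vulns:
            if host in path or not can_reach(zone, host, port):
                continue
            if paths[label] is None:            # BFS order => first discovery is shortest
                paths[label] = path + [host]
            if host not in compromised:          # pivot: attacker now stands in host's zone
                compromised.add(host)
                queue.append((hosts[host], path + [host]))
    return paths


def prioritize(paths):
    """Order labels by hops from the untrusted zone; unreachable ones sort last."""
    def hops(item):
        path = item[1]
        return (path is None, len(path) - 1 if path else 0)
    return [(label, None if p is None else len(p) - 1)
            for label, p in sorted(paths.items(), key=hops)]


if __name__ == "__main__":
    for label, path in exposure_paths(HOSTS, RULES, VULNS).items():
        print(label, "->", " > ".join(path) if path else "not reachable from internet")
```

In the sample, V-1 is directly exposed, V-2 and V-3 are reachable only by pivoting through web01 and then app01 (so tightening the dmz-to-app rule would cut both), and V-4 and V-5 stay unreachable from the outside. The unreachable ones are not "fixed", only lower priority; a compromised corp workstation would change the picture, which is why the seed zone is a parameter.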

Securonix provides a leading information risk intelligence platform for security and compliance professionals. The platform consumes identity, access, and activity information from any source and then uses behavior, access, and identity risk analytics to continuously identify the highest-risk users, resources, and activity in the environment for proactive management. At the enterprise application level, such as SAP and Oracle, Securonix goes deeper to automatically and continuously identify and fingerprint sensitive data for data loss prevention while monitoring high-risk activity and access.

TITUS is a leading provider of security and compliance software that helps organizations share information securely while meeting policy and compliance requirements. TITUS solutions raise awareness and meet regulatory compliance by visually alerting end users to the sensitivity of information. Products include TITUS Classification, a leading message, document, and file classification and labeling solution; TITUS Aware, products that enhance data loss prevention by detecting sensitive information at the desktop; and the TITUS family of security solutions for Microsoft SharePoint. TITUS solutions are deployed to more than 1.5 million users within more than 300 military, government, and enterprise customers worldwide.

The integration of TITUS Classification solutions with McAfee Data Loss Prevention (DLP) and McAfee Enterprise Security Manager reduces the risk of data loss by capturing users’ own knowledge of how sensitive their information is. These applications work together to make that information available to McAfee host- and network-based DLP and enable the DLP solutions to take action based on the user-applied classification labels and metadata. Because users classify information sensitivity themselves, organizations do not have to rely solely on automated content scanning to determine what is sensitive: the originator, who knows the content best, can proactively mark it as sensitive, leading to more intelligent and accurate DLP decisions. The individual and combined activities (e.g., event logs) of both TITUS and McAfee DLP can then be captured and aggregated by McAfee Enterprise Security Manager for situational analysis and whatever corresponding actions are required.

Trapezoid has teamed with Intel to use Intel TXT trust values and incorporate them into real-world use cases. These use cases highlight the importance of hardware trust as part of an enterprise’s or cloud provider’s overall security posture. Intel TXT, available on servers based on the Intel Xeon processor E5 family, enables an end user to verify, through attestation, that their applications are running on both trusted hardware and a trusted hypervisor. In addition, Trapezoid is working with Intel Identity Protection Technology (Intel IPT) and Intel Expressway Cloud Access 360 to help clients work securely in cloud environments. As part of the SIA program, Trapezoid is integrated into McAfee ePolicy Orchestrator (McAfee ePO) and McAfee SIEM technologies (McAfee Enterprise Security Manager) to deliver policy-based management on trusted endpoints.

McAfee Compatible solution: Trapezoid and McAfee ESM 9.1
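An added example of what "validate and attest that they are running on trusted hardware and a trusted hypervisor" comes down to on the verifier side; it is written for this page and is not Trapezoid's, Intel's, or McAfee's code. A TXT-enabled platform reports TPM platform configuration register (PCR) values; a verifier compares the ones it cares about against known-good values recorded for a specific firmware and hypervisor build, rejects a quote whose nonce does not match the challenge it issued (a stale or replayed quote proves nothing about the current boot), and turns the verdict into an event the SIEM can act on. The PCR-to-component mapping used here (PCR0 for firmware, PCR17 and PCR18 for the TXT-measured launch), the whitelist contents, the report layout, and the host names are all constructed assumptions.

```python
import hashlib

# Assumed PCR roles for this illustration: PCR0 = platform firmware, PCR17/18 = the
# TXT-measured launch environment. A real verifier takes the exact set from the vendor.
REQUIRED_PCRS = (0, 17, 18)


def _measure(label):
    """Stand-in for a real measurement; constructed by hashing a label so values are stable."""
    return hashlib.sha256(label.encode()).hexdigest()


# Known-good values keyed by (firmware build, hypervisor build). Constructed; in a real
# deployment these come from the OEM, the hypervisor vendor, or a golden-image measurement.
WHITELIST = {
    ("oem-x-bios-2.1", "hv-5.5"): {0: _measure("oem-x-bios-2.1"),
                                   17: _measure("sinit-acm-1.0"),
                                   18: _measure("hv-5.5-mle")},
}


def evaluate_attestation(report, whitelist, expected_nonce):
    """Return a verdict dict; `trusted` is True only when the quote is fresh, the
    firmware/hypervisor pair is known, and every required PCR matches its known-good value."""
    verdict = {"host": report["host"], "trusted": False, "mismatched_pcrs": []}
    if report.get("nonce") != expected_nonce:
        verdict["reason"] = "nonce mismatch: stale or replayed quote"
        return verdict
    expected = whitelist.get((report["firmware"], report["hypervisor"]))
    if expected is None:
        verdict["reason"] = "unknown firmware/hypervisor combination"
        return verdict
    mismatched = [i for i in REQUIRED_PCRS if report["pcrs"].get(i) != expected[i]]
    verdict["mismatched_pcrs"] = mismatched
    verdict["trusted"] = not mismatched
    verdict["reason"] = "all required PCRs match" if not mismatched else "PCR mismatch"
    return verdict


def to_siem_event(verdict):
    """Shape the verdict as a flat event; the field names are an assumption, not an ESM schema."""
    return {"source": "attestation", "host": verdict["host"],
            "severity": "info" if verdict["trusted"] else "high",
            "message": verdict["reason"],
            "pcrs": ",".join(str(i) for i in verdict["mismatched_pcrs"])}


# Constructed sample reports: a clean host and one whose hypervisor measurement changed.
GOOD_REPORT = {"host": "esx01", "nonce": "n-1001", "firmware": "oem-x-bios-2.1",
               "hypervisor": "hv-5.5", "pcrs": dict(WHITELIST[("oem-x-bios-2.1", "hv-5.5")])}
TAMPERED_REPORT = dict(GOOD_REPORT, host="esx02",
                       pcrs={**GOOD_REPORT["pcrs"], 18: _measure("hv-5.5-mle-modified")})

if __name__ == "__main__":
    for rpt in (GOOD_REPORT, TAMPERED_REPORT):
        print(to_siem_event(evaluate_attestation(rpt, WHITELIST, "n-1001")))
```

Two points a practitioner would add before relying on this: the PCR values must come from a TPM quote whose signature has been verified against the platform's attestation key (the example receives already-trusted values), and a whitelist keyed on firmware and hypervisor build means every approved patch needs its new measurements enrolled, or patched hosts will be reported as untrusted.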

Vormetric is the industry leader in data security solutions that span physical, virtual, and cloud environments. Data is the new currency and Vormetric helps over 1,400 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The scalable Vormetric Data Security Platform protects any file, any database, and any application data — anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation, and security intelligence.

Waterfall Security Solutions Ltd. is the leading provider of Unidirectional Security Gateways and data diodes for industrial networks, SCADA systems, remote monitoring systems, and isolated networks. Waterfall Gateways secure industrial networks from network attacks originating from external networks. Waterfall’s security solutions make it straightforward for utilities and critical infrastructures to achieve compliance with NERC-CIP, NRC, NIST, and other regulations, as well as with cybersecurity best practices. Waterfall’s offerings include support for leading industrial applications, such as OSIsoft PI Historian, GE Proficy iHistorian, Siemens SIMATIC, and GE OSM remote monitoring platforms, and leading industrial protocols, such as OPC, Modbus, DNP3, and ICCP.

Waterfall Unidirectional Gateways give McAfee Enterprise Security Manager (ESM) installations visibility into security events and other information from segregated critical infrastructure networks. In addition, McAfee and Waterfall have cooperated to test, validate, and support Waterfall for McAfee ESM, a solution that replicates McAfee ESM data out of Waterfall-isolated networks. McAfee SIEM components deployed inside the isolated network continue to secure and manage that network, while the one-way replication gives the enterprise SIEM outside it visibility into those networks without creating any path back in.

ZeroFOX, a social risk-management company, is pioneering security technology that enables organizations to detect and prevent social media-based cyberthreats, including targeted malware, phishing, social engineering, impersonations, and other fraudulent or malicious activity. Its proprietary Security Analysis Engine (SAE) analyzes social networks and distills threat intelligence through ZeroFOX Enterprise — a centralized, cloud-based platform empowering users to take action on alerts and incoming threats. By combating social media risk exposure, ZeroFOX increases an organization’s security posture, while reducing incident response and crisis communications costs.

ZeroFOX raw social media attack data is ingested by McAfee Enterprise Security Manager, parsed, and displayed. The attack data can then be correlated with existing event data to provide a new layer of context within the SIEM solution. This added layer of social media attack intelligence supports a proactive defense-in-depth security posture: detecting attacks before they reach your network, correlating threats in real time to stop attacks in progress, and understanding the origin of an attack after it has occurred.